diff --git a/action.php b/action.php
index 2804f07..b2a8e22 100644
--- a/action.php
+++ b/action.php
@@ -56,6 +56,17 @@ switch ($VARS['action']) {
                 returnToSender("generic_op_error");
         }
         break;
+    case "chpin":
+        $error = [];
+        if (!($VARS['newpin'] == "" || (is_numeric($VARS['newpin']) && strlen($VARS['newpin']) >= 1 && strlen($VARS['newpin']) <= 8))) {
+            returnToSender("invalid_pin_format");
+        }
+        if ($VARS['newpin'] == $VARS['conpin']) {
+            $database->update('accounts', ['pin' => ($VARS['newpin'] == "" ? null : $VARS['newpin'])], ['uid' => $_SESSION['uid']]);
+            returnToSender("pin_updated");
+        }
+        returnToSender("new_pin_mismatch");
+        break;
     case "add2fa":
         if (is_empty($VARS['secret'])) {
             returnToSender("invalid_parameters");
diff --git a/apps/change_pin.php b/apps/change_pin.php
new file mode 100644
index 0000000..0e0630c
--- /dev/null
+++ b/apps/change_pin.php
@@ -0,0 +1,27 @@
+<?php
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+dieifnotloggedin();
+
+$newpin = lang("new pin", false);
+$conpin = lang("confirm pin", false);
+$change = lang("change pin", false);
+$pinexp = lang("pin explanation", false);
+
+
+$APPS["change_pin"]["title"] = lang("change pin", false);
+$APPS["change_pin"]["icon"] = "th";
+$APPS["change_pin"]["content"] = <<<CONTENTEND
+<div class="alert alert-info"><i class="fa fa-info-circle"></i> $pinexp</div>
+<form action="action.php" method="POST">
+    <input type="password" class="form-control" name="newpin" placeholder="$newpin" maxlength="8" pattern="[0-9]*" inputmode="numeric" />
+    <input type="password" class="form-control" name="conpin" placeholder="$conpin" maxlength="8" pattern="[0-9]*" inputmode="numeric" />
+    <input type="hidden" name="action" value="chpin" />
+    <input type="hidden" name="source" value="security" />
+    <br />
+    <button type="submit" class="btn btn-success btn-sm btn-block">$change</button>
+</form>
+CONTENTEND;
diff --git a/lang/en_us.php b/lang/en_us.php
index 97c90a5..a87b40a 100644
--- a/lang/en_us.php
+++ b/lang/en_us.php
@@ -98,5 +98,12 @@ $STRINGS = [
     "secret key" => "Secret key",
     "label" => "Label",
     "issuer" => "Issuer",
-    "no such code or code expired" => "That code is incorrect or expired."
+    "no such code or code expired" => "That code is incorrect or expired.",
+    "pin explanation" => "Change or set a login PIN for the Station kiosk Quick Access.  PIN codes must be between one and eight digits.",
+    "change pin" => "Change PIN",
+    "new pin" => "New PIN",
+    "confirm pin" => "New PIN (again)",
+    "pin updated" => "PIN updated.",
+    "new pin mismatch" => "The new PINs don't match each other.",
+    "invalid pin format" => "PIN codes must be numeric and between one and eight digits in length.",
 ];
diff --git a/lang/messages.php b/lang/messages.php
index 5e9715a..97528de 100644
--- a/lang/messages.php
+++ b/lang/messages.php
@@ -60,5 +60,18 @@ define("MESSAGES", [
     "generic_op_error" => [
         "string" => "generic op error",
         "type" => "danger"
+    ],
+    "pin_updated" => [
+        "string" => "pin updated",
+        "type" => "success"
+    ],
+    "new_pin_mismatch" => [
+        "string" => "new pin mismatch",
+        "type" => "danger"
+    ],
+    "invalid_pin_format" => [
+        "string" => "invalid pin format",
+        "type" => "danger"
     ]
+    
 ]);
diff --git a/pages.php b/pages.php
index 200a701..f57cc90 100644
--- a/pages.php
+++ b/pages.php
@@ -35,7 +35,8 @@ define("APPS", [
     "security" => [
         "sync_mobile",
         "change_password",
-        "setup_2fa"
+        "setup_2fa",
+        "change_pin"
     ],
     "404" => [
         "404_error"